Common Vulnerabilities and Exposures by NIST

CVE-2014-8142 N/A

2014-12-20 2014-12-20

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9296 N/A

2014-12-20 2014-12-20

The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9295 N/A

2014-12-20 2014-12-20

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9294 N/A

2014-12-20 2014-12-20

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9293 N/A

2014-12-20 2014-12-20

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-9193 N/A

2014-12-20 2014-12-20

Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-8019 N/A

2014-12-20 2014-12-20

Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-8007 N/A

2014-12-20 2014-12-20

Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019.

Vendor(s): N/A

Affected OS(s) / software(s): N/A

CVE-2014-3410 N/A

2014-12-20 2014-12-20

The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.

Vendor(s): N/A

Affected OS(s) / software(s): N/A